A bug in the wpa_supplicant Wi-Fi stack, commonly used in Linux and some BSDs, is the source of recent versions of Android broadcasting Wi-Fi history when a device’s screen is switched off.
The problem was discovered by the Electronic Frontier Foundation (EFF), which said in a blog post that a user’s location history could be determined from Android’s behaviour.
“This location history comes in the form of the names of wireless networks your phone has previously connected to,” the EFF said. “These frequently identify places you’ve been, including homes (‘Tom’s Wi-Fi’), workplaces (‘Company XYZ office net’), churches and political offices (‘County Party HQ’), small businesses (‘Toulouse Lautrec’s house of ill-repute’), and travel destinations (‘Tehran Airport wifi’).”
The rights organisation said it considered the plain text of wireless names more dangerous than usual geolocation data, because it “clearly denotes in human language places that you’ve spent enough time to use the Wi-Fi”.
The leaking of Wi-Fi SSID history was found to take place when a device was not connected to a Wi-Fi network, and the device was looking to connect to either a hidden network or a Wi-Fi network that the device had joined previously.
In tests conducted by the EFF, it was found that up to fifteen of the networks stored in a device’s history were transmitted. Among the devices found to be leaking were Google Nexus 4 and 5, HTC One, Motorola Droid 3+, and Samsung Galaxy Nexus. A number of devices were tested with Cyanogenmod and were found to continue leaking. Devices that were found to not leak included Samsung Galaxy S3 and S4, HTC One Mini, and iPhone 4 or later.
Phones were not the only devices suffering from the issue, with all OS X laptops and many Windows 7 laptops exhibiting the same behaviour.
“Desktop OSes will need to be fixed, but because our laptops are not usually awake and scanning for networks as we walk around, locational history extraction from them requires considerably more luck or targeting,” the EFF said.
The issue was traced back to the addition of the Preferred Network Offload feature of Android 3.1, which is designed to allow for Wi-Fi connections when a device screen is not on. The EFF found that the Wi-Fi SSID leaking did not occur when a device’s screen was powered on.
After being informed of the issue, Google patched wpa_supplicant to remedy the situation, but the EFF warns that the fragmented state of Android, and an update process that has to be negotiated with handset and telco companies, may prevent many Android users from receiving the fix.
Until a patch arrives, the EFF suggests users worried about their privacy set the “Keep Wi-Fi on during sleep” option, found under advanced Wi-Fi settings, to “Never”. However, on a Motorola Droid 4 running Android 4.1.2, it was found that this workaround did not end the leaking.
A more thorough fix is to manually forget networks or to disable Wi-Fi entirely.
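As an added example (not from the EFF or the original article), the following Python audit reads a wpa_supplicant.conf-style file and lists the saved network names a device holds in its history, flagging hidden ones (`scan_ssid=1`, the wpa_supplicant setting that makes it probe for a network by name). The sample configuration is constructed, the function names are this example's own, and the entries it returns are the ones to review when forgetting networks.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax (not from a real device).
SAMPLE_CONF = '''
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="Tom's Wi-Fi"
    psk="constructed-passphrase"
}
network={
    ssid="Company XYZ office net"
    scan_ssid=1
    key_mgmt=WPA-EAP
}
# network={ ssid="commented out, must be ignored" }
network={
    ssid=54656872616e20416972706f72742077696669
    key_mgmt=NONE
}
'''

# A network block opens with "network={" on its own line and closes with "}".
NETWORK_BLOCK = re.compile(r'^\s*network=\{\s*$(.*?)^\s*\}\s*$', re.M | re.S)
FIELD = re.compile(r'^\s*(\w+)=(.*?)\s*$', re.M)

def decode_ssid(raw):
    """Quoted values are literal text; unquoted values are hex-encoded bytes.
    (The P"..." escaped form is not handled in this example.)"""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return bytes.fromhex(raw).decode('utf-8', errors='replace')

def saved_networks(conf_text):
    """Return one dict per saved network: its name and whether it is hidden."""
    nets = []
    for block in NETWORK_BLOCK.finditer(conf_text):
        fields = dict(FIELD.findall(block.group(1)))
        if 'ssid' in fields:
            nets.append({'ssid': decode_ssid(fields['ssid']),
                         'hidden': fields.get('scan_ssid') == '1'})
    return nets

if __name__ == '__main__':
    for net in saved_networks(SAMPLE_CONF):
        note = 'hidden: probed for by name' if net['hidden'] else 'saved'
        print(f"{net['ssid']!r:30} {note}")
```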